March 2005

- If lightning comes down your phone line (it happens) and you have an internal modem, your whole computer is likely to be fried. With an external modem, you'll lose the modem, but probably not anything else. People insist that UPSes and surge protectors can prevent this. Maybe so, but external modems are already more isolated from the computer, so, all else being equal, they are less likely to pass current to the expensive stuff...

- Microsoft doesn't fully document these, but if you pressed on, you'd also find that a DocFile looks an awful lot like a FAT file system, and it's apparent that Microsoft apps use it in a similar manner, looking up sections much as you'd look for files or directories on a disk. That can get pretty interesting as was noted at http://www.advogato.org/article/754.html

- Only root user can print, normal users cannot. Hi, I am using SCO OpenServer 5.0.6 and I have this strange problem. Only root users can print; normal users cannot print and no errors are shown. I am sure it's a rights problem but don't know where... I hope you can help me. Thanks

- Oh, a book on iptables? No. Oh, sure, this does cover iptables, but this is a complete, soup to nuts Linux security book, starting with installation and proceeding right through to what to do if you have been breached. About the only thing not covered is web server security which, as the author explains, needs a whole other book.

- Without 'users', if you just want a simple list of who's logged in, you have to run "w" or "who" and pipe it through awk, or cut or sed or whatever to extract the one piece of information you actually wanted.

- Probably the hardest part of this is configuring its web interface. While I know how to add something foreign like this to an existing webserver, I suspect at least a few admins would fail or need help.

- Microsoft Services for Unix: ITweek suggested that this might have been part of the reason Microsoft paid licensing fees to SCO (not that they wouldn't have done so for darker reasons also, but this could have been another part of it).

- The program fam is a server that processes communicate with. Your app needs to link with libfam, register the files or directories you want to monitor, and then either check back for updates or just sleep, waiting to be awoken by a change.

- This is designed to be a shell for users you don't want to have a shell. It's probably unnecessary on most modern systems which have binary "shells" for this purpose (/sbin/nologin or /sbin/false). On older systems, these "no shell" shells were shell scripts, which rather obviously use a real shell and thus have at least the potential for abuse. Consequently, the old practice often was to use /dev/null as the "shell". The only problem with that is that you get no logging; "noshell" and the other modern equivalents will log the access attempt to syslog.

- On traditional Unix systems, Sarcheck analyzes data produced by "sar", but Linux systems don't usually have sar. It is available as part of the sysstat package on RedHat, and I do recommend that you install sysstat if you can, but Sarcheck on Linux installs its own data collection tools.

- The value of sar (for those not familiar with it) is that it collects statistics through cron (the sysstat rpm automatically installs a "sysstat" job in /etc/cron.d for this). You can examine the results at your leisure, but more importantly this means that you can see what "normal" performance looks like for your system, which is critically important in diagnosing sudden problems.

- This has led to the perverse situation where you can actually store programs and files inside other files' ADSes and the end user has no way to know that they exist. You can even stick data into directories... even C:\!

- The more security books I read, the more I feel like I'm standing in a hall of mirrors, with the villain plainly visible pointing a weapon at me. But where is he? Which reflection is the one I need to pay attention to?

- When you boot up the SCO box you end up with a GUI login. Is there a hotkey to drop that down to the command line login? I need access to the command line on virtual console 2 as a different user, but it can only log in on 2 via command line login.

- While I understand that this probably has value in studying languages in general, I think parts of it are more than silly. Why, for example, avoid having a word with more than one meaning? Very often, the multiple meanings are related in ways that can help with comprehension and give deeper insight - it may confuse computers, but it helps us.

- Portmapper is not responding: I recently moved this network over to a new office and one of the machines was an SCO Unix box using SCO OpenServer 5.0.6. Now when I boot it up it hangs for a while at the "bringing up interface tty02.. please wait" screen. Then after about 5 minutes I start getting portmapping errors. It appears to try to connect to an IP address that apparently is not there. It shows the error 3 times and just sits there.

- So... for this to make sense, our hacker has to first come in with a real IP address and fail to log in the magic number of times. He then notices that he's been blocked and vengefully decides to spoof IPs.

- Password security. John the Ripper attempts to crack passwords by comparing the hashed version with hashes computed from common words, permutations of common words, and pointless additions ("alex123", "betty222" and the like).

- "We want to use the default cron set up with our Red Hat (/etc/cron.hourly, /etc/cron.daily). We have placed files in these directories and they work great. According to the Red Hat Sys Adm guide, we should be able to put files in the /etc/cron.d directory when we want to run them at times other than hourly, daily, weekly. I placed a test file in the /etc/cron.d dir that has the same format as cron. This file is set to run every 5 minutes. It does not run."

- The Linux colorizing fouls things up royally. You can shut off command line colorizing by editing /etc/DIR_COLORS and changing COLOR tty to COLOR none or (less drastically) by removing the TERM ansi line from the same file (which removes colorization for ansi but doesn't affect console use). But that still leaves vi messing things up. The fix for that is to add

- Core files will then just be named "core". People do things like that so that a user can choose to put a non-writable file named "core" in directories where they don't want to generate core dumps. That could be a directory (mkdir core) or a file (touch core;chmod 000 core). I've seen it suggested that a symlink named core would redirect the dump to wherever it pointed, but I found that didn't work. But perhaps more interesting is that you can do:

- PAM is the Pluggable Authentication Module, invented by Sun. It's a beautiful concept, but it can be confusing and even intimidating at first. We're going to look at it on a RedHat system, but other Linuxes will be similar - some details may vary, but the basic ideas will be the same.